Commit Graph

60 Commits

Author SHA1 Message Date
Mrunal Patel 0e72bfb815 Fix files not closed in mountinfo parsing function
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-27 19:33:39 -04:00
Michael Crosby 4507c068ba Merge pull request #145 from LK4D4/sysfs_ro
Remount /sys/fs/cgroup as RO if MS_RDONLY was passed
2015-07-27 09:12:55 -07:00
Lai Jiangshan f26935eb0c test: propagate the error to the caller
When the copyBusybox() fails, the error message should be
propagated to the caller of newRootfs().

Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-07-25 22:25:43 +08:00
Mrunal Patel 32aa2756ca Merge pull request #148 from jhjeong-kr/typo
typo: tempory -> temporary
2015-07-23 20:46:12 -07:00
Jin-Hwan Jeong 491cfef259 typo: tempory -> temporary
Signed-off-by: Jin-Hwan Jeong <jhjeong.kr@gmail.com>
2015-07-24 11:19:25 +09:00
Alexander Morozov d89964eed3 Remount /sys/fs/cgroup as RO if MS_RDONLY was passed in m.Flags
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-22 11:05:40 -07:00
Alexander Morozov 1ed929f177 Merge pull request #114 from brahmaroutu/gccgo_stacktrace_loops
avoid infinite loop with GCCGO
2015-07-21 11:05:09 -07:00
Alexander Morozov d3217084b5 Create symlinks for merged cgroups
This allows software be not aware about existence of merged cgroups.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-20 16:12:28 -07:00
Mrunal Patel 073e76c9fc Merge pull request #142 from avagin/cr
ct: give criu informations about cgroup mounts
2015-07-20 15:13:03 -07:00
Andrey Vagin af4a5e708a ct: give criu informations about cgroup mounts
Actually cgroup mounts are bind-mounts, so they should be
handled by the same way.

Reported-by: Ross Boucher <rboucher@gmail.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-07-20 22:56:07 +03:00
Alexander Morozov c0e18b96fb Fix subsystem path with abs parent
Sometimes subsystem can be mounted to path like "subsystem1,subsystem2",
so we need to handle this.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-20 11:48:58 -07:00
Mrunal Patel 5b805276c2 Revert "Remount /sys/fs/cgroup as readonly always"
This reverts commit 18de1a273e.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-17 17:50:46 -04:00
Mrunal Patel 618e0caeca Merge pull request #135 from LK4D4/fix_apply_cgroups
Substract source mount from cgroup dir
2015-07-17 13:55:01 -07:00
Alexander Morozov 18de1a273e Remount /sys/fs/cgroup as readonly always
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-17 12:45:09 -07:00
Alexander Morozov fc31076c23 Substract source mount from cgroup dir
This is needed because for nested containers cgroups. Without this patch
they creating unnecessary intermediate cgroup like:
/sys/fs/cgroup/memory/system.slice/docker-9409d9f0b68fb9e9d7d532d5b3f35e7c7f9cca1312af392ae3b28436f1f2998f.scope/system.slice/docker-9409d9f0b68fb9e9d7d532d5b3f35e7c7f9cca1312af392ae3b28436f1f2998f.scope/docker/908ebcc9c13584a14322ec070bd971e0de62f126c0cd95c079acdb99990ad3a3

It is because in /proc/self/cgroup we see paths from host, and they don't
exist in container.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-17 11:41:58 -07:00
Mrunal Patel 2598484b97 Merge pull request #130 from LK4D4/cgroups_mount_fix
Cgroups mount fix
2015-07-16 10:49:13 -07:00
Alexander Morozov e289cf734b Fix handling name= cgroups
Before name=systemd cgroup was mounted inside container to
/sys/fs/cgroup/name=systemd, which is wrong, it should be
/sys/fs/cgroup/systemd

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 13:58:17 -07:00
Alexander Morozov f6eb19c0d5 Tests for mounting cgroups
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 11:07:03 -07:00
Alexander Morozov 40b9b89107 Substract bindmount path from cgroup dir
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-15 10:41:25 -07:00
Mrunal Patel 42aa891a6b Merge pull request #91 from hqhq/hq_add_cgroup_mount
Add cgroup mount in the recommended config
2015-07-15 09:51:24 -07:00
Alexander Morozov 0d948945b0 Merge pull request #127 from hqhq/hq_fix_tmpfs_mount
Correct tmpfs mount for cgroup
2015-07-14 22:11:52 -07:00
Qiang Huang d7181a73e4 Add cgroup mount in the recommended config
And allow cgroup mount take flags from user configs.
As we show ro in the recommendation, so hard-coded
read-only flag should be removed.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-15 09:31:39 +08:00
Qiang Huang b1fd78346e Correct tmpfs mount for cgroup
Fixes: https://github.com/docker/docker/issues/14543
Fixes: https://github.com/docker/docker/pull/14610

Before this, we got mount info in container:
```
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
 /sys/fs/cgroup tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
```

It has no mount source, so in `parseInfoFile` in Docker code,
we'll get:
```
Error found less than 3 fields post '-' in "84 83 0:41 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs  rw,seclabel"
```

After this fix, we have mount info corrected:
```
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
```

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-15 09:09:09 +08:00
Qiang Huang 4e244108ef Fix error when memory cgroup not mounted
Fixes: #57

Normally all cgroup subsystems are optional except device cgroup,
but memory cgroup optional was broken by:
https://github.com/docker/libcontainer/pull/637

This patch fixes this.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-13 18:22:35 +08:00
root b5412d1b59 the data type should be int8 for ppc64le
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-10 20:11:11 +00:00
root 23e3887e05 avoid infinite loop with GCCGO
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-10 19:15:26 +00:00
Mrunal Patel 503adf586f Remove deserialization tests.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-09 18:46:13 -04:00
Michael Crosby e9c0535f3c Merge pull request #52 from jhowardmsft/remove-seccomp
Windows: Factor out seccomp
2015-07-09 11:50:41 -07:00
Michael Crosby e224e2c468 Merge pull request #53 from jhowardmsft/CloseExecFrom
Windows: Factor out CloseExecFrom
2015-07-09 11:50:07 -07:00
Mrunal Patel 6c88b305de Merge pull request #97 from hqhq/hq_add_oom_kill_disable
Add oom-kill-disable support for systemd
2015-07-08 09:40:08 -07:00
Qiang Huang b4d1df0131 Add oom-kill-disable support for systemd
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-08 09:21:46 +08:00
Michael Crosby a7a7263b4c Merge pull request #95 from rajasec/runc_teststepissue
Fixing memory swappiness as -1 in template file for older kernels
2015-07-07 11:08:16 -07:00
Michael Crosby f7431f1f66 Merge pull request #73 from mrunalp/sysctl
Adds Sysctl support
2015-07-07 09:33:44 -07:00
Rajasekaran e027c57f38 Fixing test step for memory swappiness
Signed-off-by: Rajasekaran <rajasec79@gmail.com>
2015-07-07 21:15:59 +05:30
Qiang Huang 18a2ca3758 Remove sample configs from libcontainer
They are for nsinit, and is no longer used.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-07 07:41:19 +08:00
Mrunal Patel 8ea6c65d12 Rename SystemProperties to Sysctl and make it available in the runc config
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-06 19:18:08 -04:00
Mrunal Patel 5ec11a2918 Merge pull request #86 from ktraghavendra/85_container_swappiness
Treat -1 as default value for memory swappiness
2015-07-06 10:12:22 -07:00
Raghavendra K T 88104a4444 Treat -1 as default value for memory swappiness.
In some older kernels setting swappiness fails. This happens even
when nobody tries to configure swappiness from docker UI because
we would still get some default value from host config.
With this we treat -1 value as default value (set implicitly) and skip
the enforcement of swappiness.

However from the docker UI setting an invalid value anything other than
0-100 including -1 should fail. This patch enables that fix in docker UI.

without this fix container creation with invalid value succeeds with a
default value (60) which in incorrect.

Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
2015-07-03 18:19:45 +05:30
Michael Crosby 1865c0aac6 Remove apparmor profile generation from libcontainer
The creation of the profile should be handled outside of libcontainer so
that it can be customized and packaged.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-02 13:45:27 -07:00
Alexander Morozov 38c34d6036 Fix build tags
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-01 13:22:09 -07:00
Michael Crosby 38d06a35e4 Merge pull request #45 from LK4D4/makefile_imp
Some new stuff for makefile
2015-06-30 11:04:03 -07:00
Alexander Morozov a87bc12f86 Add makefile targets for basic lint and testing
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-30 10:17:10 -07:00
Mrunal Patel 0a4ba80b71 Merge pull request #59 from cyphar/603-fixup-API
libcontainer: user: fix GetAdditionalGroups* API
2015-06-30 08:52:19 -07:00
Mrunal Patel 15ed8ff7b1 Merge pull request #55 from mapk0y/add_filelocks_option
checkpoint/restore commands support 'file-locks' option.
2015-06-28 16:23:45 -07:00
Aleksa Sarai 14f271fe4c libcontainer: user: update tests for GetAdditionalGroups
Update the tests to use the test-friendly GetAdditionalGroups API,
rather than making random files for no good reason.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2015-06-28 11:23:37 +10:00
Aleksa Sarai 85f722dea0 libcontainer: user: fix GetAdditionalGroupsPath to match API
The old GetAdditionalGroups* API didn't match the rest of
libcontainer/user, we make functions that take io.Readers and then make
wrappers around them. Otherwise we have to do dodgy stuff when testing
our code.

Fixes: d4ece29c0b ("refactor GetAdditionalGroupsPath")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2015-06-28 11:23:01 +10:00
John Howard dda986aaa0 Windows: Factor out seccomp
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-27 16:56:39 -07:00
mapk0y 986dc0f730 checkpoint/restore commands support 'file-locks' option.
Signed-off-by: mapk0y <mapk0y@gmail.com>
2015-06-27 18:56:24 +09:00
John Howard 9f80f3f181 Windows: Factor out CloseExecFrom
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-26 20:13:17 -07:00
Alexander Morozov 4d6c19af8b Fix absolute path getting for runc binary
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-26 14:56:53 -07:00